Stagefright is the native media playback engine for all versions of Android since 2.2 ("Froyo"), and the attack is said to be very simple indeed, requiring only the phone number of the handset in question in order to execute code remotely. The bug was discovered by Zimperium zLabs, who state that they'll release full details of the flaw at the Black Hat conference next week in Las Vegas.

It's a worrying flaw on two fronts. Firstly, the exploit requires no user action of any kind. The example cited is sending a vulnerable device a simple MMS, which can then self-delete.

Then there's the issue that Android updates for older devices are often an afterthought; the bug is said to be particularly worrying for any devices running versions older than Android 4.2, as they lack certain exploit mitigations built into newer versions of Android.

That will work for all the times black hats have notified manufacturers and they have done nothing for months or years until they go public. They don't fix exploits for security reasons; they fix them for PR reasons.

Often it is the publicity that forces their hand to patch it. There have been numerous examples where companies have denied exploits being present in their product, despite overwhelming evidence to the contrary.
I'm struggling to recall the name of one at the moment, but there was a high-profile case a few years (2011-2012?) ago, where a company publicly stated there were no issues, despite their helpdesk being hammered with people complaining of the issue.
Later it was revealed the CEO and the upper management had full knowledge of the issue, but still chose to lie to the public, and in essence, call their customers liars.

Plus, if you're with Telstra it takes forever to get an update. Both the Xperia Z3 and Galaxy Note Edge Lollipop updates were delayed due to unnamed 'issues' seemingly discovered on the day they were meant to roll out.

To squash this bug, all you need to do is turn off auto-retrieve for MMS (picture messages using the SMS app).

Then don't open MMS from suspicious people you don't know.

Solution #2 is to disable MMS send/receive altogether, which you can do by changing the Access Point Name settings in your phone.

Then instead of a picture message from your mum (because anyone younger than your mum will be using an OTT app to send pics like WhatsApp or Viber or Hangouts) you will get a text from your carrier asking you to visit a website to see that MMS. Much safer.

I use MMS all the time. Anyone with a phone these days has access to MMS, but trying to keep track of who uses Viber, WhatsApp etc. Screw that. Why use 16 different apps when you can just use built-in? I'm not so needy that I desperately need to see when/if someone read my message... Which is the only benefit to those apps that I can see.